More Resources

Microsoft Improves Azure AD Identity Protection Service

Microsoft's Azure Active Directory Privileged Identity Management service is getting two new features, now in preview.

The new improvements -- an approval workflow feature and an audit history feature -- can be tested if an organization has an Azure AD Premium P2 subscription or is using a trial subscription (such as Microsoft's 90-day trial of the Enterprise Mobility + Security E5 offering).

The approval workflow feature is a revamped user interface that lets a user request access privileges for a specific network role. The request typically gets reviewed by a global administrator, who can see the requests within the Azure Portal. The requests can then be approved or denied, either individually or in bulk fashion. Requestors get an e-mail when a role is approved. Similarly, global administrators get notified of a pending request.

Next, Microsoft is previewing a "My Audit History" feature in the Azure AD Privileged Identity Management service. It will show end users the status of their role requests.

Microsoft commercially released the Azure AD Privileged Identity Management service back in September with the aim of limiting access privileges among IT staff within an organization, with control maintained by a global administrator. One of its main features is a "just in time" capability that permits access to be granted for just a set period of time. The idea is to stem possible elevation-of-privilege types of attacks, which perhaps can spread when an organization loses track of the network access privileges that have been allocated.

Azure AD Privileged Identity Management service works across Office 365, Intune, Azure AD and other Microsoft services. It works not just with staff, but can be used to control network access by contractors and vendors.